Subject: Draft minutes for 12 Jan meeting
Please send me corrections. I missed a couple of speakers' names; look for "?:". Two new action items; look for "NEW AI".

/r$

--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html

>Date: Monday, 12 January 2004
>Time: 12:00pm - 01:00pm Eastern Time

>1. Welcome by chair (Nick Pope).
Done.

>2. Confirm Minutes Secretary (Rich Salz)
Done.

>3. Roll Call.
Details to be provided by Hal. Numbers were 12 of 20 -- quorum achieved.

>4. Approval of Agenda
Approved by acclamation.

>5. Approval of Minutes of DSS TC Face to Face previous meeting:
>15 December 2003
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/4637/dss-minutes-15-dec-2003.txt
Approved by acclamation.

>6. Review of outstanding actions
See below.

>7. Core document. (WD-09)
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/4915/oasis-dss-1.0-core-spec-wd-09.doc
Trevor: Minor changes in most recent version -- AI 03-11-04-1, and a typo fix. Mostly stable, need to track profiles and bindings, update references. PDF version now available.

>8. Profiles - presentation of initial ideas
>- Timestamping
> http://www.oasis-open.org/apps/org/workgroup/dss/download.php/4919/oasis-dss-1.0-timestamping-profile-spec-wd-01.doc
Trevor: Hopefully produce template for others to use. Have some questions, including:
+What type of timestamp to produce (RFC 3161, XML, etc); allow multiple types, or define a specific format (X509 based?)
+[Sorry, I missed this one.]
+What type of security (signed requests, authenticated errors, etc) is needed for the protocol interactions?
Trevor will send out a summary of the issues. [NEW AI]
Nick: worth separate sections on bindings, protocols, etc. Will send email with more details.
Juan-Carlos: If doing CMS-signatures, need to understand relationship to RFC 3161 -- is it a competitor?
Trevor(?): This is a good reason to be generic on timestamp format.
Nick: endorse using timestamp profile as layout template for others.

>- XAdES
> http://www.oasis-open.org/archives/dss/200401/doc00000.doc
Juan-Carlos: short proposal with underlying thoughts. Based on lifecycle of XAdES: creation, initial verification, refresh/update (such as for archiving) or asking for timestamp for validation, re-verification for (after the fact) arbitration purposes. Profile would support all these phases.
?: Arbitration?
J-C: Yes, open archive and re-verify.

>- WS-Security profile
Nick: Frederick is interested, but was not present at the meeting to provide update.

>- Corporate seal profile
Nick: Also of interest to legalXML. Will wait and see to better understand their requirements, discuss with John. Idea is to support third-party.
John: I thought we also wanted to support an entity acting on its own behalf. And take on legal obligation as a result.
Nick: This is more than just integrity.
John: yes.
Nick: This might be same mechanism, but meaning behind it might be different.
John: Need to make sure person acting as the signer is authorized, to make sure it's not "hijacked." Different from tamper-proof seal.
Nick: This might be a separate profile.

>- Code-signing profile
Peter: Mapping elements from core to code-signing world. Want to keep it generic, then in appendices have mappings to specific code-signing formats. Alternative is to have separate documents. A reason for this is that there are a large number of code signing formats, so separate documents might be easier to add support. More details to be posted to the list.
Nick: Generic profiles, with sub-profiles?
Peter: Yes. Here's the generic, and then here's how to apply the generic to CAB files, etc. Need to think how to enable many types of mappings. I will send to the list to get the ball rolling.

>- EPM Profile
Nick: Steve expressed interest on the list in submitting something; they need to get the right resources involved.
Juan-Carlos: We should take an action to ping them via email. [NEW AI on the chairs]

Discussion on policy-wise
Paul: Core allows for many options
Paul: Server is responsible for determining signature type, etc.
Nick: So this is for a dumb client?
Paul: Dumb, or underprivileged. (The new term for the old classic "lightweight"?)

>9. Profiles - next steps
>- Tasks on specific profiles
>- Co-ordination tasks
Nick: How to organize profiling, find common structure, ensure alignment with the core?
Juan-Carlos: A general coordinator would need to assess alignment of profiles with core. For example, XML constructs being re-used from the core. In XAdES we came up with a list of tasks on how to accomplish the profile.
Rich: so it's like a "style manager." I think it's a very good thing.
Nick: think about taking on this role. Chairs will discuss.
Juan-Carlos: what about a task list? We [chairs] should discuss to see which of the tasks make sense to circulate for others doing profiles.
Nick: Some, such as time-stamping, are very straightforward. Some will need more work.
Juan-Carlos: Yes. Having a task list makes it easier to track progress of profiles when we better understand what they need to specify.
Nick: Really want a short document from all profiles for next meeting so that we can determine what the next steps should be.
Trevor: Authors should look at TS profile, which is pretty simple, to see how appropriate the structure is to their profiles.
?: You mean the XAdES outline?
Nick: That's the minimum; if you can get into more detail, that's fine. But do it in time for review at next meeting.

>10. Any other business
None.

>11. Confirm next conference call: 26th Jan 04
Confirmed.

>12. Close
Done.

>--
>Outstanding Actions:

>03-11-04-1 / 03-12-15-1: Trevor is to add a note in the core document
>to indicate that profiles must explain the semantics of the claimed
>identity element.
Done.

>03-11-17-3 Juan-Carlos has circulated a proposal: Potential
>contents of additional details present in the verification response -
>JC/Trevor to continue discussion on potential contents for additional
>details
Their discussions continuing; still open.

>03-11-17-4. John Messing to ask the legalXML group meeting if they
>want to submit a profile for DSS and if they want to will (sic) it to be
>defined as a formal signature.
Issue raised; they have no interest. They are considering a "digital lock" which is like other DigSig profiles. Likely: hash will be minimal, but sig will be "best practice." Formal issue closed, but John will track what they're doing.

>03-12-15-2: Juan-Carlos and Nick are to request expressions of
>interest in developing profiles for the next meeting.
Done. Some interest expressed; see below.

>03-12-15-3: All who are interested in developing a profile are to
>provide a discussion of the proposed characteristics of the profile
>by the next meeting.
Paul Madsen policy-wise server profile: how to use DSS protocol when all hash mechanism, etc., issues are handled by server. Paul to send a note to the list.